Switch from SHA-1 to SHA-256 for new signing key certs.
This is to move OTA update package verification logic for new Android
devices from SHA-1 to SHA-256.
Prior to this change the script which generates new signing keys
used SHA-1 in certificates. This change switches the script from SHA-1
to SHA-256. The reason is that OTA updates are accepted only if they
are signed using the same digest algorithm as in the certificate.
Bug: 25643280
Bug: 20580998
Change-Id: I9babe85946a43697aeb4309837504aea25e26763